package com.zb.springboot_zb_sql.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
MyUserDetailsService myUserDetailsService;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/student/**").hasRole("学生")
                .antMatchers("/teacher/**").hasRole("老师");
        http.csrf().ignoringAntMatchers("/druid/*");

        //开启自动配置的登录功能
        http.formLogin().usernameParameter("userName").passwordParameter("userPassword").loginPage("/login");
        //开启自动配置注销功能
        http.logout().logoutSuccessUrl("/");//注销成功以后来到首页
        //访问/logout表示注销用户 情空session
        //开启记住我功能
//       http.rememberMe().rememberMeParameter("remember-me").userDetailsService(myUserDetailsService);
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return  new BCryptPasswordEncoder();
    }
}
